9086 matches found

Node.js
added 2015/10/24 4:6 p.m. | 23 views

Regular Expression Denial of Service

Overview: Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Proof of Concept: javascript var ms = require'ms'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr;...

CVSS: 7.8 | AI score: 2.7 | EPSS: 0.00779
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2015/10/22 12:0 a.m. | 28 views

SUSE SLED11 / SLES11 Security Update : icu (SUSE-SU-2015:1790-1)

icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bsc917129). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable h...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.01671
Exploits: 0 | References: 4

Node.js
added 2015/10/17 7:41 p.m. | 23 views

Regular Expression Denial of Service

Overview: Versions of validator prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the isURL method. Recommendation: Update to version 3.22.1 or later. References: - Issue 152, Comment 48107184 - GitHub Advisory...

AI score: 6.7
Exploits: 0 | Affected Software: 1

Node.js
added 2015/10/17 7:41 p.m. | 45 views

Regular Expression Denial of Service

Overview: Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Recommendation: Update to version 4.3.2 or later. References: - Regular Expression Denial of Service - OWASP - GitHub Advisory...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.01092
Exploits: 0 | Affected Software: 1

Node.js
added 2015/10/17 7:41 p.m. | 39 views

Regular Expression Denial of Service

Overview: Versions 0.3.3 and earlier of marked are affected by a regular expression denial of service (ReDoS) vulnerability when passed inputs that reach the em inline rule. Recommendation: Update to version 0.3.4 or later. References: - Regular Expression Denial of Service - OWASP - Issue 497 - GitHu...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.01098
Exploits: 0 | Affected Software: 1

OSV
added 2015/10/15 1:14 p.m. | 3 views

SUSE-SU-2015:1790-1 Security update for icu

icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bsc917129)...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.01671
Exploits: 0 | References: 3

Prion
added 2015/10/14 1:59 a.m. | 14 views

Memory corruption

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expressio...

CVSS: 9.3 | AI score: 8 | EPSS: 0.64097
Exploits: 3 | References: 6 | Affected Software: 2

Cvelist
added 2015/10/14 1:0 a.m. | 28 views

CVE-2015-2482

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expressio...

AI score: 8.2 | EPSS: 0.64097
Exploits: 3 | References: 6

Zero Day Initiative
added 2015/10/13 12:0 a.m. | 29 views

Microsoft Windows JavaScript Regular Expression Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to search and replac...

CVSS: 6.8 | AI score: 8.1 | EPSS: 0.64097
Exploits: 3 | References: 1

ArchLinux
added 2015/10/08 12:0 a.m. | 41 views

bugzilla: unauthorized account creation

Login names (usually an email address) longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested...

CVSS: 7.5 | AI score: 2.6 | EPSS: 0.01558
Exploits: 1 | References: 4

Hacker One
added 2015/10/06 8:41 p.m. | 25 views

ownCloud: apps.owncloud.com: Referer protection Bypassed

@herlove has reported a vulnerability within the appstore at apps.owncloud.com allowing an adversary to bypass the HTTP referer based CSRF protection. This issue was caused by an insufficient regular expression which has been patched meanwhile. On request of the reporter this issue has been...

AI score: 1.6
Exploits: 0

RedhatCVE
added 2015/09/18 2:24 a.m. | 2 views

CVE-2013-4486

Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00501
Exploits: 0 | References: 1

Fedora
added 2015/09/11 5:28 p.m. | 17 views

[SECURITY] Fedora 22 Update: pcre-8.37-4.fc22

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

AI score: 1.1
Exploits: 0

FreeBSD
added 2015/09/10 12:0 a.m. | 30 views

Bugzilla security issues

Bugzilla Security Advisory: Login names (usually an email address) longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.01558
Exploits: 1 | References: 1

OpenVAS
added 2015/09/08 12:0 a.m. | 40 views

Amazon Linux: Security Advisory (ALAS-2013-270)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5 | AI score: 8 | EPSS: 0.03104
Exploits: 3 | References: 2

Prion
added 2015/09/02 10:59 a.m. | 15 views

Out-of-bounds

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...

CVSS: 4 | AI score: 6.5 | EPSS: 0.00625
Exploits: 0 | References: 4 | Affected Software: 2

UbuntuCve
added 2015/09/02 10:59 a.m. | 18 views

CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...

CVSS: 4 | AI score: 5.9 | EPSS: 0.00625
Exploits: 0 | References: 2

Debian CVE
added 2015/09/02 10:0 a.m. | 21 views

CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...

CVSS: 4 | AI score: 5.8 | EPSS: 0.00625
Exploits: 0

Cvelist
added 2015/09/02 10:0 a.m. | 20 views

CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...

AI score: 5.8 | EPSS: 0.00625
Exploits: 0 | References: 4

Prion
added 2015/09/01 2:59 p.m. | 8 views

Code injection

The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression...

CVSS: 5 | AI score: 7 | EPSS: 0.01612
Exploits: 0 | References: 6